jimbobway (OP)
May 30, 2011, 04:58:10 PM
"So i've been working on a method for calculating valid hashes without doing a lame bruteforce"
"If my method works, i'll be able to generate 50BTC every few seconds but i'll lower it a bit to avoid arousing suspicion"
Ummm, satoshi? http://twitter.com/#!/garethnelson
jimbobway (OP)
May 30, 2011, 05:00:02 PM
garethnelson Gareth Nelson @lemonzest2008 my new approach is going to take lots of fucking about with the maths before I write the actual miner itself 4 minutes ago
garethnelson Gareth Nelson @lemonzest2008 the one on the AFF site is just a mod of a standard miner - there's source available at aspiesforfreedom.com/mining/src 4 minutes ago
garethnelson Gareth Nelson @lemonzest2008 nowhere near complete yet, unless you mean the boring standard one on the AFF site 5 minutes ago
garethnelson Gareth Nelson @lemonzest2008 the bitcoin client? run bitcoind, but note it's a bit slow at generating if that's what you're after 12 minutes ago
garethnelson Gareth Nelson @ZauberExonar great - how's your digital circuit design? in particular, boolean expression simplification for FPGAs 14 minutes ago
garethnelson Gareth Nelson @LozKaye who on earth asked for that? 14 minutes ago
garethnelson Gareth Nelson If I generate one block a day, at current exchange rates that'd be $11200USD/month - anyone want to help out for a cut? 21 minutes ago
garethnelson Gareth Nelson @FabinetPM you don't know? :O 22 minutes ago
garethnelson Gareth Nelson I then don't even have to bruteforce - just pick any of the remaining branches at random, then "..." and then "profit" #bitcoin #win 24 minutes ago
garethnelson Gareth Nelson I eliminate the branches that lead to bits outside of the nonce changing in the input, then i'm left with a fixed set of branches 25 minutes ago
garethnelson Gareth Nelson For NOT gates for example, it's easy - if you want a 0 out, you put a 1 in - for an XOR there's 2 possible inputs that lead to a 1 26 minutes ago
garethnelson Gareth Nelson Then I can calculate the fixed inputs for each gate that will satisfy the output such that it's got the right number of 0s 27 minutes ago
garethnelson Gareth Nelson The output is a wildcard prefix and a bunch of 0s at fixed length - I run backwards from the wildcard bits up through the boolean network 27 minutes ago
garethnelson Gareth Nelson Doing the maths, a circuit with about 6000 logic gates can do SHA256, and 2000 odd of them are OR gates with multiple possible inputs 29 minutes ago
garethnelson Gareth Nelson If my method works, i'll be able to generate 50BTC every few seconds but i'll lower it a bit to avoid arousing suspicion #bitcoin 30 minutes ago
garethnelson Gareth Nelson So i've been working on a method for calculating valid hashes without doing a lame bruteforce
Quantumplation
May 30, 2011, 05:01:49 PM
If he succeeds, bitcoin compromise will be the least of our worries. SHA256 has stood up to mathematical analysis for many years, not just from the bitcoin community but from the entire world.
NOTE: This account was compromised from 2017 to 2021. I'm in the process of deleting posts not made by me.
proudhon
May 30, 2011, 05:04:37 PM
bitcoinfail. Oh well, I guess I'll just start playing Crysis 2 now.
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
eturnerx
May 30, 2011, 05:09:04 PM
If he succeeds, bitcoin compromise will be the least of our worries. SHA256 has stood up to mathematical analysis for many years, not just from the bitcoin community but from the entire world.
^this. Good luck to the guy. Many have tried - and there's so much other security infrastructure that uses SHA256 that Bitcoin is the least of our worries. Besides, bitcoin'd just move to some other hashing algorithm.
Quantumplation
May 30, 2011, 05:10:28 PM
Looking at how he "thinks" his solution will work, he doesn't understand the concept of destructive operations. Think of it this way: the simplest hash function is %2. Basically, given any input, find the remainder after you divide by 2. It simplifies things down to a keyspace of 1 bit, and obviously there's lots of collisions. However, given that information, there's no way to go backwards to the original number. If I say the "hash" is 1, it could be 1, 3, 5, 7, 9, etc.
SHA256 has the following destructive operations: 6x non-carrying addition, shift right. I believe the combination of ANDs and XORs ends up being destructive.
That's just in one iteration, and there are 64 iterations per hash.
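As an added example (not code from this post or from Gareth Nelson's miner), the Python below checks the "destructive operations" claim against the actual SHA-256 primitives. Rotations, shifts and XOR are linear over GF(2), so for Σ0, Σ1, σ0, σ1, a bare rotate and a bare shift it computes the rank of the 32x32 bit matrix (rank 32 means a bijection, nothing lost); for Ch, Maj and modular addition it counts preimages directly. Function names such as gf2_rank and report are this example's own.

```python
# Added example, not from the thread: which SHA-256 building blocks throw
# information away ("destructive", in the post's words) and which are bijections.
# Rotations and XORs are GF(2)-linear, so invertibility is a matrix-rank question;
# Ch, Maj and modular addition are checked by counting preimages directly.
MASK = 0xFFFFFFFF


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def big_sigma0(x):
    return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22)


def big_sigma1(x):
    return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25)


def small_sigma0(x):
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)


def small_sigma1(x):
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)


def ch(x, y, z):
    return (x & y) ^ (~x & z & MASK)


def maj(x, y, z):
    return (x & y) ^ (x & z) ^ (y & z)


def gf2_rank(linear_map, width=32):
    """Rank over GF(2) of a bit-linear map on `width`-bit words.

    Only valid for maps built from shifts, rotations and XOR (they are linear),
    so the images of the unit vectors determine the whole map. Rank == width
    means the map is a bijection: no information is lost.
    """
    rows = [linear_map(1 << i) for i in range(width)]
    rank = 0
    for bit in range(width):
        pivot = next((i for i in range(rank, width) if (rows[i] >> bit) & 1), None)
        if pivot is None:
            continue  # this column carries no new information
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(width):
            if i != rank and (rows[i] >> bit) & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def bitwise_preimage_counts(f):
    """For a bitwise 3-input function: how many input bit triples give 0, how many give 1."""
    counts = {0: 0, 1: 0}
    for x in (0, 1):
        for y in (0, 1):
            for z in (0, 1):
                counts[f(x, y, z) & 1] += 1
    return counts


def modular_add_preimages(width, total):
    """Number of (a, b) pairs with (a + b) mod 2**width == total: the carry-out is discarded."""
    size = 1 << width
    return sum(1 for a in range(size) for b in range(size) if (a + b) % size == total)


def report():
    """Invertibility summary for the SHA-256 primitives (rank 32 = bijective)."""
    return {
        "ROTR7": gf2_rank(lambda x: rotr(x, 7)),
        "SHR3": gf2_rank(lambda x: x >> 3),
        "Sigma0": gf2_rank(big_sigma0),
        "Sigma1": gf2_rank(big_sigma1),
        "sigma0": gf2_rank(small_sigma0),
        "sigma1": gf2_rank(small_sigma1),
        "Ch": bitwise_preimage_counts(ch),
        "Maj": bitwise_preimage_counts(maj),
        "add mod 2^4, sum 5": modular_add_preimages(4, 5),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```

Σ0 and Σ1 come out at full rank: each is an XOR of an odd number of rotations, and on 32-bit words that is always invertible (the polynomial it corresponds to in GF(2)[x]/(x^32+1) is not divisible by x+1). A bare shift is the lossy piece, dropping exactly as many bits as it shifts out; whether it stays lossy once XORed with rotations inside σ0 and σ1 is what the rank computation reports rather than something assumed here. Ch and Maj each send four of their eight input triples to 0 and four to 1, and modular addition hides the carry, so every sum has 2^width preimage pairs. Those are the points where a "run backwards through the boolean network" search has to branch, 64 rounds deep.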
Insti
May 30, 2011, 05:14:23 PM
+1 on what Quantumplation said.
Quantumplation
May 30, 2011, 05:17:12 PM
Aspie, hacker, part-time CompSci+Psychology OU student, pirate party member, AI geek, Assassins Creed fanatic, pseudo-transhumanist
Ultimately, it looks like he's some young hotshot who thinks he understands everything, considers himself a "hacker", and thinks he can best the world's top mathematicians because he's 2 years into an associates degree at a shitty college. I am dissapoint.
Mike Hearn
May 30, 2011, 05:26:47 PM
For what it's worth I talked to one of the authors behind the current best result against SHA256. They didn't think a failure of SHA256 as it's used in Bitcoin was likely any time soon. The best results from academia produce a random bitstring as the pre-image and only work against a reduced strength version of the algorithm.
John Tobey
May 30, 2011, 05:31:04 PM
For what it's worth I talked to one of the authors behind the current best result against SHA256. They didn't think a failure of SHA256 as it's used in Bitcoin was likely any time soon. The best results from academia produce a random bitstring as the pre-image and only work against a reduced strength version of the algorithm.
I thought he was designing a miner. Why would he need a pre-image for that? All he needs is a partial collision with zero.
proudhon
May 30, 2011, 05:44:51 PM
Looking at how he "thinks" his solution will work, he doesn't understand the concept of destructive operations. Think of it this way: the simplest hash function is %2. Basically, given any input, find the remainder after you divide by 2. It simplifies things down to a keyspace of 1 bit, and obviously there's lots of collisions. However, given that information, there's no way to go backwards to the original number. If I say the "hash" is 1, it could be 1, 3, 5, 7, 9, etc.
SHA256 has the following destructive operations: 6x non-carrying addition, shift right. I believe the combination of ANDs and XORs ends up being destructive.
That's just in one iteration, and there are 64 iterations per hash.
Oh, wait, so is it safe to go back to mining?
Quantumplation
May 30, 2011, 05:49:24 PM
Oh, wait, so is it safe to go back to mining?
Er... No... bitcoin is dead, but i'll buy all your bitcoins for $1 each.
Dobrodav
May 30, 2011, 05:53:31 PM
We lazily discussed that approach to break down the BTC prices (to buy them cheap) on the Russian local board a month ago, and came to the conclusion that there will always be some nerd with numbers in hand who will destroy that idea; therefore we rejected it. Proof: http://forum.bitcoin.org/index.php?topic=4128.0
Mike Hearn
May 30, 2011, 06:18:55 PM
I thought he was designing a miner. Why would he need a pre-image for that? All he needs is a partial collision with zero.
The input is a block header, the contents of which are not flexible. Only the nonce is.
John Tobey
May 30, 2011, 06:28:52 PM
I thought he was designing a miner. Why would he need a pre-image for that? All he needs is a partial collision with zero.
The input is a block header, the contents of which are not flexible. Only the nonce is.
Ah, of course. If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows. Not that I think the Twitter guy is likely to succeed, but in general I see too little attention placed on the strength of Bitcoin's cryptography and too many explanations that fail to mention its theoretical vulnerability. Or citations in support of its strength, for that matter.
Quantumplation
May 30, 2011, 06:34:41 PM
Ah, of course.
If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.
Not that I think the Twitter guy is likely to succeed, but in general I see too little attention placed on the strength of Bitcoin's cryptography and too many explanations that fail to mention its theoretical vulnerability. Or citations in support of its strength, for that matter.
http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
SHA256 isn't JUST used in bitcoin. It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc. If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.
John Tobey
May 30, 2011, 06:54:23 PM
If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.
http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
SHA256 isn't JUST used in bitcoin. It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc. If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.
I'm aware, thank you for spreading the word. ROT-13 is harder to crack than ROT-13(ROT-13). Has anyone proven the same is not true of SHA256? I will be very surprised...
unk
May 30, 2011, 06:59:07 PM Last edit: May 30, 2011, 07:10:35 PM by unk
relatively little research has been done on the subproblem of sha256 compromise on which bitcoin's security depends. it is not the same problem as one-to-one collisions (i.e., an outright compromise of the function). in the general case, it cannot be determined whether finding a result that corresponds to a pattern that matches x out of 2^256 hashes is indeed no more than x times easier than forcing a one-to-one collision. there are reasons to think that in bitcoin's particular case, it is just about that easy and thus that bitcoin's use of sha256 in mining is secure - but to my knowledge that hasn't been proven.
update for john: for technical reasons, i'm less concerned about that feature of bitcoin's use of sha256. the problem isn't necessarily the same for ciphers as for hashes. as for the former, as potentially interesting background reading (though not necessarily relevant here), see the excellent classic article by maurer called something like 'the importance of being first' in the journal of cryptology.
FooDSt4mP
May 30, 2011, 07:54:51 PM
If I'm not mistaken, most effort has gone into "single" SHA256, and though the composition of SHA256 operations would seem harder to crack, one never knows.
http://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
SHA256 isn't JUST used in bitcoin. It's used in SSL, in banks all over the world, wireless encryption, cellphone encryption, encryption/verification for thousands of open source projects, etc. If you need a citation for its strength, it's been used for 10 years in all these fields without any likely attack vector found.
I'm aware, thank you for spreading the word. ROT-13 is harder to crack than ROT-13(ROT-13). Has anyone proven the same is not true of SHA256? I will be very surprised...
ROT-13 is nondestructive. Very different from SHA-256.
As we slide down the banister of life, this is just another splinter in our ass.
sandos
May 30, 2011, 07:59:23 PM
I had this idea about not removing brute-forcing but optimizing the algorithm since not all output bits are needed, so we backtrack and remove all superfluous calculations. But if it's 64 rounds per hash and two hashes, I think the gain would be extremely small. And also maybe this optimization has already been done?